1. Field of the Invention
The present invention relates to electronic commerce. More specifically, the present invention relates to a method and an apparatus to facilitate secure electronic commerce.
2. Related Art
Electronic commerce across the Internet is rapidly becoming a mainstay of the business world. A consumer wishing to make a purchase on the Internet can use a web browser to select the desired merchandise, and then to offer payment for the merchandise.
While shopping through a web browser is convenient, paying for the merchandise presents problems. Payment can be made using a credit card, a debit card, or an electronic check. Typically, when making payment with any of these methods, the consumer reveals the account number to the merchant so that the merchant can debit the account. Since the Internet is not secure and is subject to eavesdropping, the account number is typically sent in encrypted form using a Secure Sockets Layer (SSL) system.
Even though SSL can protect the account number while it is in transit over the Internet, the merchant still recovers the account number and completes the transaction. In many cases, the merchant also stores the account number in a database. The database then becomes a target for attack and, if it is not secure, can expose the account number to an unscrupulous person. Consequently, many consumers are uncomfortable with revealing their account numbers over the Internet for fear of having their account number stolen and used illegally.
The same problem exists to some degree at a point-of-sale (POS) terminal located at a cash register. The account number can be learned by the merchant and, if not adequately protected, compromised.
The financial institution holding the account typically accepts the transaction as valid if the account is not identified as being invalid. The account is identified as invalid if the account is known or suspected to have been compromised, perhaps by a report of a lost credit card. The financial institution rarely compares the signature on receipts and checks against the signature on file for the account. This leaves the financial institution open to fraud.
The merchant accepting electronic transactions over the Internet has little assurance that the owner of the account originated the transaction. If the consumer later denies making the transaction, it can be difficult for the merchant to prove otherwise.
What is needed is a method and an apparatus that facilitates secure electronic commerce while eliminating the problems identified above.